Regulatory Compliance

The EU Data Act is a regulation designed to ensure fairness in the digital economy by making data more accessible and portable. It applies to customers using cloud-based services in the European Union.

For Dassault Systèmes' customers, it provides greater transparency and clearer rights when switching service providers.

Customers can find detailed instructions in the Dassault Systèmes Knowledge Base article titled “Switching Procedures”, which explains how to retrieve their data and outlines the process step by step. This article is accessible through the link provided in the applicable Customer Contract or Country-Specific Terms.

For additional guidance, customers may also contact their reseller or Dassault Systèmes Support.

Yes. Dassault Systèmes provides documentation, secure data export mechanisms, and clear communication to ensure a secure and transparent switching process, in line with the EU Data Act requirements.

More information is available in the “Switching Procedures” Knowledge Base article.

Switching from one provider to another may involve common challenges, such as format incompatibilities or delays caused by transforming data into the new environment. These challenges are not specific to Dassault Systèmes solutions but are generally observed across the industry.

To help anticipate and manage such risks, they are described in the “Switching Procedures” Knowledge Base article, based on experience with large-scale migrations.

Certain data, such as Dassault Systèmes intellectual property or trade secrets, may fall outside the scope of the EU Data Act. The exact scope of exportable data is defined in the Data Register.

The NIS 2 Directive (Directive (EU) 2022/2555) is the European Union’s cybersecurity framework aimed at strengthening the security and operational resilience of public and private entities operating in critical or important sectors, including digital service providers.

No. NIS 2 must be transposed into national law by each EU Member State. This means that certain implementation aspects—such as the designation of competent authorities, incident notification procedures and enforcement mechanisms—may vary from one country to another.

Yes.In October 2024, the European Commission adopted a specific implementing act under the NIS 2 framework applicable to digital service providers, namely Commission Implementing Regulation (EU) 2024/2690.

This regulation establishes a harmonised set of technical and methodological cybersecurity requirements at EU level applicable to entities such as Cloud Service Providers (CSPs) and Managed Service Providers (MSPs).

Unlike national transposition laws, this implementing regulation is directly applicable in all EU Member States and does not require additional national implementation.

Yes. Dassault Systèmes, as a Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) within the EU, falls directly within the scope of Commission Implementing Regulation (EU) 2024/2690.

Accordingly, Dassault Systèmes’s compliance program is based on the requirements set out in this implementing regulation. 

Under the NIS 2 framework, specific registration rules apply to digital service providers subject to the implementing regulation, with the objective of centralising their registration within the European Union.

These rules aim to designate a single lead competent cybersecurity authority in one EU Member State. This authority is responsible in particular for:

• receiving incident and vulnerability notifications;
• coordinating with other competent authorities designated across the EU.

Dassault Systèmes is currently working on identifying the relevant competent authority and registering its services in accordance with the requirements set out under the NIS 2 framework.

An EU regulation (directly applicable since January 2025) establishing resilience and ICT risk management requirements for financial entities, including rules on how they must manage their technology providers.

Through a dedicated Financial Sector Addendum to the Dassault Système license agreement, applicable to both non-critical and critical functions, available upon request through your account team.